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Claims 

1. A method (750) for processing data packets in a gateway element, said method 
comprising the steps of: 

- comparing (751) a data packet to screening information comprising a set of rules, 
5 and 

- processing (755) a data packet according to a rule belonging to the set of rules, the 
header information of said data packet matching the header information of said rule, 
characterized in that 

- said screening information is hierarchically structured so that it comprises a first 
10 rule, which specifies first header information, and a subset of rules relating to said 

first rule, and in that 

□ - in said step of comparing a data packet, said data packet is compared (754, 756) to 

% said subset of rules only if the header information of the data packet matches the 

>4 header information of the first rule. 

m 

J2 15 2. A method according to claim 1, characterized in that 

p - said subset of rules comprises a second rule, which specifies second header 

E information, and a second subset of rules, said second subset of rules relating to said 

f»3 second rule, and in that 

- in said step of comparing a data packet, said data packet is compared to said 

f ii i 

*Z 20 second subset of rules only, if the header information or the data packet matches the 

yh header information of the second rule. 

3. A method according to claim 1, characterized in that 

- said set of rules is an ordered sequence of rules, 

- said subset of rules is an ordered sub-sequence of said ordered sequence of rules, 
25 and 

- in said step of comparing a data packet, said data packet is compared to the rules 
in the order defined by the ordered sequence. 

4. A method according to claim 1 , characterized in that for said subset of rules, 
an enri^which is authorized to modi^ s^ ^ 

30 5. A method according to claim 1, characterized in that at least one rule 
belonging to said subset of rules comprises a generic information portion, said 
generic information portion to be replaced with second information before a data 
packet is compared to said at least one rule. 
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6. A method according to claim 1, characterized in that said screening 
information comprises a first part, which is modifiable by an entity authorized to 
configure said gateway element, and a second part, which is modifiable by an entity 
specifically authorized to modify said second part. 

5 1. A gateway element (80) comprising 

- means (801) for storing screening information and 

- means (802) for processing data packets, said processing involving comparison of 
a data packet header to header information specified in said screening information, 
characterized in that said means (802) for processing data packets are arranged to 

10 compare header information of a data packet to screening information comprising a 
first rule, which specifies first header information, and a subset of rules relating to 

p said first rule, and arranged to compare a data packet to said subset of rules only if 

the header information of the data packet matches the header information of the first 

Cj rule. 
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15 8. A gateway element according to claim 7, characterized in that it further 
comprises 

e - means (803) for detecting generic information portions in said screening 

p information, 

Ik - means (803) for receiving second information, and 

P*J 20 - means (803) for replacing the generic information portion in said screening 

['^ information with said second information. 

9. A gateway element according to claim 8, characterized in that it further 
comprises 

- means (804) for preventing modification of at least one rule belonging said 
25 information. 

10. A gateway element according to claim 7, characterized in that it further 
comprises 

- means (805) for receiving at least part of said screening information from a 
database entity. 

30 11. A gateway element according to claim 10, characterized in that it further 
comprises 

- means (806) for fetching at least part of said screening information from said 
database entity, said means for fetching being arranged to initiate fetching as part of 
configuration of said gateway element. 




12. An arrangement (85) comprising at least one gateway element (80) and a 
database entity (81), said at least one gateway element comprising 

- means (801) for storing information for screening data packets and 

- means (802) for processing data packets, said processing involving comparison of 
5 a data packet header to header information specified in said screening information, 

characterized in that } 

- said database entity comprises means (82) for providing information for screening 
data packets, 

- said at least one gateway element further comprises means (805) for receiving at 
10 least part of said information for screening data packets from said database entity, 

and said means (802) for processing data packets are arranged to compare header 
information of a data packet to screening information comprising a first rule, which 
specifies first header information, and a subset of rules relating to said first rule, and 
arranged to compare a data packet to said subset of rules only if the header 
15 information of the data packet matches the header information of the first rule. 

13. A computer program comprising program code for performing all the steps of 
Claim 1 when said program is run on a computer. 

14. A computer program product comprising program code means stored on a 
computer readable medium for performing the method of Claim 1 when said 

20 program product is run on a computer. 

15. A data structure (40, 60, 64, 66) comprising screening information, charac- 
terized in that said screening information is hierarchically structured so that it 
comprises a first rule (401), which specifies first header information, and a subset of 
rules (402, 403) relating to said first rule, said first header information being 

25 common to said rules belonging to said subset of rules. 

16. A data structure (42) according to claim 15, characterized in that said subset 
of rules comprises a second rule (421), which specifies second header information, 
and a second subset of rules (422, 423), said second subset of rules relating to said 
second rule, said second header information being common to said rules belonging 

30 to said second subset of rules. 



